Re: Hiding NATs with PF
From: ? (pakrat_at_localhost.private.neotoma.org)
Date: 09/28/05
- Next message: Max Bolingbroke: "Re: Hiding NATs with PF"
- Previous message: Greg Hennessy: "Re: Hiding NATs with PF"
- In reply to: Max Bolingbroke: "Re: Hiding NATs with PF"
- Next in thread: Max Bolingbroke: "Re: Hiding NATs with PF"
- Reply: Max Bolingbroke: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 28 Sep 2005 20:32:04 GMT
On 28 Sep 2005 11:02:55 -0700 in <1127930574.982857.72530@g14g2000cwa.googlegroups.com> Max Bolingbroke <batterseapower@hotmail.com> wrote:
>
> Interesting, they don't cite that as a reason. What abuse could be
> hidden by a NAT that could not be hidden by a single host with firewall
> enabled? Could you please tell me if the one they give (above) is
> actually valid? If so I will of course comply with their request.
NAT can hide zombied boxes from regular scans for their currently known
subset of zombied boxes.
In addition NAT can prevent them from using existing exploits to install
spyware.
Some NAT devices were (and may still be) susceptable to being
compromised.
As a general rule the 11th commandment (Thou shalt not get caught) applies.
Do not announce the presence of a NAT device.
Do not obviously abuse it.
Be prepared to switch to connecting directly with zero notice.
Remember it's easier to seek forgiveness than permission :-).
-- Chris Dukes Suspicion breeds confidence -- Brazil
- Next message: Max Bolingbroke: "Re: Hiding NATs with PF"
- Previous message: Greg Hennessy: "Re: Hiding NATs with PF"
- In reply to: Max Bolingbroke: "Re: Hiding NATs with PF"
- Next in thread: Max Bolingbroke: "Re: Hiding NATs with PF"
- Reply: Max Bolingbroke: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
